9B88.exe and random number.exe
-
9B88.exe and random number.exe
I've recently run into some issues where if I leave my browser window open, I occasionally get a popup from AVG notifying me of an issue. Originally, I was being plagued by 9B88.exe and thought I fixed (or reacquired) it by following some remedies I found from searching online. Today, I got a similar popup warning me about some .exe that was just random numbers. Scans from multiple programs result in a clean bill of health and I suffer from no noticeable problems, but obviously something isn't right here and I'm a little concerned about these issues. I've followed the steps in the Sticky and will not paste the requested logs (included is also a Hijackthis log, even though it wasn't specified in the steps).
MBAM log:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7069
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
7/11/2011 3:22:45 AM
mbam-log-2011-07-11 (03-22-45).txt
Scan type: Quick scan
Objects scanned: 196156
Time elapsed: 1 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER log:
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-11 03:53:36
Windows 6.1.7601 Service Pack 1
Running: zm2zb10q.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x57 0xC6 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8E 0xA4 0xF9 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujd ew 0xF9 0x58 0x35 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAA 0x88 0x74 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0x95 0x98 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0x7A 0x4E 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x65 0x7A 0x4E 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x48 0x61 0xAC 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x65 0x7A 0x4E 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@ujdew 0xE9 0x57 0xC6 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04\00000001@ujdew 0x8E 0xA4 0xF9 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF9 0x58 0x35 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAA 0x88 0x74 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0x95 0x98 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0x7A 0x4E 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x65 0x7A 0x4E 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x48 0x61 0xAC 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x65 0x7A 0x4E 0x60 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Christopher\AppData\Roaming\Microsoft\Win dows\Cookies\christopher@localhost[5].txt 0 bytes
---- EOF - GMER 1.0.15 ----
aswMBR log:
aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-11 03:55:04
-----------------------------
03:55:04.915 OS Version: Windows x64 6.1.7601 Service Pack 1
03:55:04.915 Number of processors: 4 586 0x402
03:55:04.915 ComputerName: CHRISTOPHER-PC UserName: Christopher
03:55:10.829 Initialize success
03:55:10.899 AVAST engine defs: 11071001
03:55:21.852 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000081
03:55:21.852 Disk 0 Vendor: NVIDIA__ Size: 1907739MB BusType: 8
03:55:23.891 Disk 0 MBR read successfully
03:55:23.891 Disk 0 MBR scan
03:55:23.891 Disk 0 Windows 7 default MBR code
03:55:23.891 Service scanning
03:55:24.860 Disk 0 trace - called modules:
03:55:24.891 ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys >>UNKNOWN [0xfffffa80070d22c0]<<
03:55:24.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008203060]
03:55:24.899 3 CLASSPNP.SYS[fffff88000fbd43f] -> nt!IofCallDriver -> \Device\00000081[0xfffffa8007f56060]
03:55:24.899 5 nvrd64.sys[fffff8800124b402] -> nt!IofCallDriver -> \Device\0000007e[0xfffffa8007f069c0]
03:55:24.899 \Driver\nvstor64[0xfffffa8007f10ac0] -> IRP_MJ_CREATE -> 0xfffffa80070d22c0
03:55:30.258 AVAST engine scan C:\Windows
04:04:34.055 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
04:04:34.438 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
04:04:34.516 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
04:04:34.625 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
04:04:34.696 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
04:04:34.766 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
04:04:43.524 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
04:27:26.697 AVAST engine scan C:\Users\Christopher
04:30:05.831 Disk 0 MBR has been saved successfully to "C:\Users\Christopher\Desktop\MBR.dat"
04:30:05.838 The log file has been saved successfully to "C:\Users\Christopher\Desktop\aswMBR.txt"
DDS Attach:
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/14/2010 9:57:29 PM
System Uptime: 7/11/2011 3:24:39 AM (1 hours ago)
.
Motherboard: MSI | | NF980-G65 (MS-7612)
Processor: AMD Phenom(tm) II X4 965 Processor | CPU1 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1551.61 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP272: 7/1/2011 3:55:16 PM - Windows Update
RP273: 7/9/2011 12:35:14 AM - Scheduled Checkpoint
RP274: 7/9/2011 5:27:58 PM - Restore Operation
RP275: 7/11/2011 2:57:40 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
6500_E709_eDocs
6500_E709_Help
6500_E709a
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Advertising Center
Angry Birds
Aura DVD Copy 1.3.0
Aura DVD Ripper Professional 1.3.3
Aura Flash to Video Converter 1.1.0
Aura Software Manager 1.0.3
Aura Video Converter Professional 1.3.3
Aura Video to Audio Converter 1.3.3
avast! Free Antivirus
AVG PC Tuneup 2011
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
BulletStorm
calibre
Chinese Simplified Fonts Support For Adobe Reader 9
Chinese Traditional Fonts Support For Adobe Reader 9
Command & Conquer™ Red Alert™ 3
Curse Client
Cygnus Hex Editor FREE EDITION 1.00
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
DolbyFiles
Driver Genius Professional Edition
Dual-Core Optimizer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.8.5 (19/03/2011)
EA Download Manager
Easy CD-DA Extractor 12
eReg
EVGA Precision 1.8.1
ExpressPCB
Fable III
Fast AVI MPEG Joiner 1.1.2
Fax
Fraps (remove only)
Futuremark SystemInfo
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HiJackThis
HP Product Detection
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync
ImagXpress
ImgBurn
Internet TRiLOGI
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Korean Fonts Support For Adobe Reader 9
LightScribe System Software
Liveupdate4
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Menu Templates - Starter Kit
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NetWorx 5.1.6
NI Circuit Design Suite 11.0 Core
NI Circuit Design Suite 11.0 Pro
NI Circuit Design Suite 11.0 Pro Licenses
NI EULA Depot
NI Example Finder 9.0
NI Help Assistant
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Web Services
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0.1 Run-Time Engine
NI License Manager
NI Logos 5.1
NI Logos XT Support
NI Math Kernel Libraries
NI MDF Support
NI MetaSuite Installer
NI Service Locator
NI TDMS
NI Trace Engine
NI Uninstaller
NI Update Service 1.0
NI Update Service Extras 1.0
NI USI 1.7.0
NI VC2005MSMs x86
NI Web Pipeline 2.0.1
NVIDIA 3D Vision Controller Driver
NVIDIA MediaShield
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OverclockingCenter
Paragon Partition Manager 9.0 Professional
Plants vs. Zombies
ProductContext
PS3 Media Server
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SmartWebPrinting
SolutionCenter
SoundTrax
Spybot - Search & Destroy
StarCraft II
Status
System Requirements Lab CYRI
TI Connect 1.6
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Viewpoint Media Player
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows TRiLOGI
World of Warcraft
Xvid 1.1.3 final uninstall
YouTube Downloader 2.7
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 5:27:28 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/6/2011 4:50:28 AM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 65.12.254.210.
7/6/2011 4:50:11 AM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 184.227.112.116.
7/11/2011 4:30:25 AM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
.
==== End Of File ===========================
DDS log:
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Christopher at 4:30:15 on 2011-07-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7935.4586 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\SysWOW64\lkads.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\ GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [µTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows \STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows \STARTM~1\Programs\Startup\OVERCL~1.LNK - C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Sta rtup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun_product.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E55132F5-AD2D-4C1B-92DE-10C151BDFD1C} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGI DSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.s ys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\ps sdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswF sBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\driver s\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-9 42184]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-10 2214504]
R2 SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-4-28 120832]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIV ERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIV ERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 DualCoreCenter;DualCoreCenter;C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-1-14 44344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-23 24176]
R3 RushTopDevice_J;RushTopDevice_J;C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2010-1-14 33080]
R3 RushTopDevice2;RushTopDevice2;C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2010-1-14 75576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 136176]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-11 129440]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MSI_DVD_010507;MSI_DVD_010507;C:\PROGRA~1\MSI\MSIW Dev\DVDSYS64_100507.sys [2010-5-10 28984]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\ MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;C:\PROGRA~1\MS I\MSIWDev\VGASYS64_100507.sys [2010-5-10 14960]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsus bflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-11 06:57:58 388096 ----a-r- C:\Users\Christopher\AppData\Roaming\Microsoft\Ins taller\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-11 06:57:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-11 02:18:46 -------- d-----w- C:\Users\Christopher\AppData\Local\{678242D5-89DF-4583-B3F6-D5BD4FC28011}
2011-07-10 00:16:55 53248 ----a-r- C:\Users\Christopher\AppData\Roaming\Microsoft\Ins taller\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-10 00:16:46 -------- d-----w- C:\Users\Christopher\AppData\Local\Logishrd
2011-07-09 22:40:10 -------- d-----w- C:\Users\Christopher\AppData\Local\{0225C1B2-6794-451A-A72F-0FCC6EBC5163}
2011-07-08 17:45:24 -------- d-----w- C:\Users\Christopher\AppData\Local\{CAA98CAD-C2BC-4B8E-A784-0A8710FEE339}
2011-07-08 06:26:45 -------- d-----w- C:\ProgramData\PMS
2011-07-05 17:30:22 -------- d-----w- C:\Users\Christopher\AppData\Local\{578C1EC6-22E9-455B-B143-2D020F92F91A}
2011-07-05 16:56:44 -------- d-----w- C:\Users\Christopher\AppData\Local\{084B2787-4A21-4955-BBE7-97F2BEEFDFFE}
2011-07-04 05:08:57 -------- d-----w- C:\Users\Christopher\AppData\Local\{F8255D6E-E264-4230-947E-4BBF8ADECB36}
2011-07-03 18:46:30 -------- d-----w- C:\Users\Christopher\AppData\Local\{CC38FAF0-98DC-4653-B5EF-D8E43E943FF3}
2011-07-01 23:53:08 -------- d-----w- C:\Users\Christopher\AppData\Local\{1AF1B99A-437D-4FCA-893E-94B1651A302F}
2011-07-01 02:46:36 -------- d-----w- C:\Users\Christopher\AppData\Local\{9148A960-1656-47D3-8747-63251D684DF3}
2011-06-29 22:41:02 -------- d-----w- C:\Users\Christopher\AppData\Local\{0CFA0A7D-0630-436F-B118-C77325D78CF2}
2011-06-28 19:35:51 -------- d-----w- C:\Users\Christopher\AppData\Local\._Revolution_
2011-06-28 16:45:17 -------- d-----w- C:\Users\Christopher\AppData\Local\{BEC86CEB-EB7E-41C2-84D3-C3F6B4CE2841}
2011-06-27 02:24:22 -------- d-----w- C:\Users\Christopher\AppData\Local\{50A4C93A-296F-41E8-AC8E-5F35BDC361AC}
2011-06-26 15:18:38 -------- d-----w- C:\Users\Christopher\AppData\Local\{F3CBC5D2-41AA-4FD7-A2CC-F9381A2EAB5B}
2011-06-25 22:04:23 -------- d-----w- C:\Windows\System32\SPReview
2011-06-25 21:53:02 3072 ----a-w- C:\Windows\System32\drivers\ko-KR\vpchbus.sys.mui
2011-06-25 21:51:23 2560 ----a-w- C:\Windows\System32\drivers\hu-HU\vpcuxd.sys.mui
2011-06-25 21:50:03 3584 ----a-w- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
2011-06-25 21:48:22 2048 ----a-w- C:\Windows\System32\drivers\th-TH\vpcuxd.sys.mui
2011-06-25 21:47:16 2048 ----a-w- C:\Windows\System32\drivers\cs-CZ\vpcusb.sys.mui
2011-06-25 21:47:16 2048 ----a-w- C:\Windows\System32\drivers\cs-CZ\vpcnfltr.sys.mui
2011-06-25 21:47:16 14336 ----a-w- C:\Windows\System32\drivers\cs-CZ\vpcvmm.sys.mui
2011-06-25 21:47:15 3584 ----a-w- C:\Windows\System32\drivers\cs-CZ\vpchbus.sys.mui
2011-06-25 21:47:15 2048 ----a-w- C:\Windows\System32\drivers\cs-CZ\vpcuxd.sys.mui
2011-06-25 21:45:21 749568 ----a-w- C:\Program Files\Common Files\System\msadc\msadce.dll
2011-06-25 21:44:59 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2011-06-25 21:43:59 477696 ----a-w- C:\Windows\System32\PhotoScreensaver.scr
2011-06-25 16:13:14 -------- d-----w- C:\Users\Christopher\AppData\Local\{2E62F2B3-85FA-423C-93DD-C4605BCB65EB}
2011-06-24 22:20:11 -------- d-----w- C:\Windows\PCHEALTH
2011-06-24 20:57:05 -------- d-----w- C:\Windows\CheckSur
2011-06-24 20:15:41 -------- d-----w- C:\Users\Christopher\AppData\Roaming\QuickScan
2011-06-24 20:15:26 -------- d-----w- C:\Program Files\Common Files\Auslogics
2011-06-24 20:15:21 431176 ------w- C:\Windows\System32\drivers\bdfsfltr.sys
2011-06-24 20:15:18 46905 ----a-w- C:\ProgramData\bdinstall.bin
2011-06-24 12:38:26 -------- d-----w- C:\Users\Christopher\AppData\Local\{7BF9165C-1AAF-461C-984B-B9F6DAF2A955}
2011-06-23 18:26:32 -------- d-----w- C:\Users\Christopher\AppData\Local\{4481F37C-B4B1-4B27-992C-A05962547678}
2011-06-22 22:31:07 -------- d-----w- C:\Users\Christopher\AppData\Local\{4CE2C44B-7DE7-4812-BC02-0F306E80453D}
2011-06-20 23:45:52 -------- d-----w- C:\Users\Christopher\AppData\Local\{E8819406-CCC8-4DE3-BAA2-BBB807633BC0}
2011-06-20 19:33:46 -------- d-----w- C:\Program Files (x86)\Cygnus FREE EDITION
2011-06-20 19:14:12 -------- d-----w- C:\Program Files (x86)\Common Files\Bcgsoft
2011-06-20 02:34:43 -------- d-----w- C:\Users\Christopher\AppData\Local\{C17F581C-C6BB-4525-8CB6-933F0F1A27C9}
2011-06-19 17:02:58 -------- d-----w- C:\Users\Christopher\AppData\Local\{17648FAA-32B9-45C0-8B86-0A42F026F2C1}
2011-06-17 23:39:17 -------- d-----w- C:\Users\Christopher\AppData\Local\{1A9AF1C3-D65F-4EE9-A0BB-4ADE30C05C98}
2011-06-17 19:12:25 -------- d-----w- C:\Users\Christopher\AppData\Roaming\Rovio
2011-06-17 19:11:53 -------- d-----w- C:\Program Files (x86)\Rovio
2011-06-17 17:32:37 -------- d-----w- C:\Users\Christopher\AppData\Local\{4FEBA92A-70E8-4A04-93DE-56394FB72B74}
2011-06-16 15:54:45 -------- d-----w- C:\Users\Christopher\AppData\Local\{60857FFD-26DE-47BF-8708-A6DEA94C88BE}
2011-06-16 00:51:57 -------- d-----w- C:\Program Files (x86)\PopCap Games
2011-06-15 20:58:38 -------- d-----w- C:\Users\Christopher\AppData\Local\{F3B48FE4-BDB6-4E81-B23A-8959F37BDB3F}
2011-06-15 18:51:56 -------- d-----w- C:\Windows\SysWow64\Updates
2011-06-15 18:51:55 -------- d-----w- C:\Windows\SysWow64\Data
2011-06-14 17:16:28 -------- d-----w- C:\Users\Christopher\AppData\Local\{2964C6BC-E03D-49B4-B9D5-55666155AB87}
2011-06-14 04:16:54 -------- d-----w- C:\Users\Christopher\AppData\Local\{41B3D984-CC5E-4C7A-95F9-1CD680FAA665}
2011-06-14 02:41:16 -------- d-----w- C:\Users\Christopher\AppData\Local\{63737ECA-4D14-4569-83B8-A3CF312197A5}
2011-06-13 21:54:23 -------- d-----w- C:\Users\Christopher\AppData\Local\{BF87C6BF-58EB-456F-9C9F-04FD6E9B144F}
2011-06-13 04:37:30 -------- d-----w- C:\Users\Christopher\AppData\Local\{1E75400E-12C9-40CB-A677-8B2FFB365060}
2011-06-12 15:46:24 -------- d-----w- C:\Users\Christopher\AppData\Local\{EC52126A-2C25-427A-8739-3848107326D0}
2011-06-12 01:13:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Int el32\DotNetInstaller.exe
2011-06-11 23:55:12 -------- d-----w- C:\Users\Christopher\AppData\Local\{7B103097-CC23-47FF-9C9F-0F09944674C7}
2011-06-11 23:43:34 -------- d-----w- C:\Users\Christopher\AppData\Local\{073222FC-184C-4A7E-BC61-C6D70D84B873}
2011-06-11 23:03:10 -------- d-----w- C:\Users\Christopher\AppData\Local\{A80238D8-3813-483E-9C81-4FBA77ADB2F1}
2011-06-11 18:52:02 -------- d-----w- C:\Users\Christopher\AppData\Local\{99BCFF0E-7C2F-4CEE-92E6-9251012DB421}
.
==================== Find3M ====================
.
2011-07-10 00:16:34 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-25 22:00:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-25 22:00:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-22 18:10:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 23:38:12 2899176 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-06-14 17:40:36 1483264 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-06-13 23:04:16 1560680 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-06-10 21:35:30 603472 ----a-w- C:\Windows\System32\KAAPORT64.dll
2011-06-07 21:09:32 2405992 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-06-03 18:11:36 1805928 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-06-02 21:03:58 92264 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-05-31 14:09:30 3114088 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-05-31 13:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2011-05-31 13:42:06 712296 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll
2011-05-31 13:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2011-05-31 13:42:06 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2011-05-31 13:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2011-05-31 13:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2011-05-31 13:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2011-05-31 13:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2011-05-31 13:42:06 241768 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll
2011-05-31 13:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2011-05-31 13:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2011-05-31 13:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-27 21:58:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-23 21:12:36 1245288 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-11 16:21:30 1261440 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2011-05-05 19:24:02 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-05-05 18:15:00 220512 ----a-w- C:\Windows\System32\SFNHK64.dll
2011-05-05 18:14:56 78176 ----a-w- C:\Windows\System32\SFAPO64.dll
2011-05-05 18:14:52 81248 ----a-w- C:\Windows\System32\SFCOM64.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 18:27:56 118104 ----a-w- C:\Windows\System32\R4EEA64A.dll
2011-05-02 18:27:54 74072 ----a-w- C:\Windows\System32\R4EEG64A.dll
2011-05-02 18:27:54 426328 ----a-w- C:\Windows\System32\R4EED64A.dll
2011-05-02 18:27:54 3308376 ----a-w- C:\Windows\System32\R4EEP64A.dll
2011-05-02 18:27:54 136024 ----a-w- C:\Windows\System32\R4EEL64A.dll
2011-04-30 11:59:32 55064 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll
2011-04-30 11:59:32 42776 ----a-w- C:\Windows\System32\drivers\LUsbFilt.sys
2011-04-30 11:59:22 66840 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys
2011-04-30 11:59:22 60184 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys
2011-04-30 11:59:22 1845528 ----a-w- C:\Windows\System32\LkmdfCoInst.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-18 22:50:00 2601816 ----a-w- C:\Windows\System32\WavesGUILib.dll
2011-04-18 22:50:00 2238296 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2011-04-15 01:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
============= FINISH: 4:31:57.03 ===============
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:36:34 AM, on 7/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\ GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2314537987-383577248-3485416241-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2314537987-383577248-3485416241-1003\..\Run: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\ GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2314537987-383577248-3485416241-1003\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2314537987-383577248-3485416241-1003\..\Run: [µTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2314537987-383577248-3485416241-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: OverclockingCenter.exe - Shortcut.lnk = C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: MSI Global - Computer, Laptop, Notebook, Desktop, Mainboard, Graphics and more
O15 - Trusted Zone: MSI Global - Computer, Laptop, Notebook, Desktop, Mainboard, Graphics and more
O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} - Web Page Under Construction
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (FuturemarkSystemInfoX Class) - http://clients.futuremark.com/openap...ivers/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab...i_4.4.21.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13366 bytes
Thank you in advance!
Last edited by Popehappycat; 11-07-2011 at 09:54 AM.
Reason: disabled smilies
-
Welcome aboard 
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
================================================== ===
You're running two AV programs, AVG and Avast.
One of them has to go.
If AVG (that would be my suggestion), make sure to use AVG Remover to uninstall it: AVG - Download tools and utilities
Then....
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
I uninstalled AVG and disabled Avast but Combofix is still giving me that they are both active, so I uninstalled Avast as well, did the whole restart thing and I'm still getting the same message. If I click OK, it again tells me that they are running, but it will go ahead and scan regardless at my own risk. Should I just go ahead with the procedure, or is there something else I can do to to erase all tracks of AVG and Avast?
-
If it's just a warning go ahead.
-
I played around with Appremover a bit and still got the warning, so I ran Combofix anyways.
ComboFix 11-07-11.04 - Christopher 07/11/2011 23:09:18.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7935.5798 [GMT -4:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 03:12 . 2011-07-12 03:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-12 03:12 . 2011-07-12 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 06:57 . 2011-07-11 06:57 388096 ----a-r- c:\users\Christopher\AppData\Roaming\Microsoft\Ins taller\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-11 06:57 . 2011-07-11 06:57 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-10 00:16 . 2011-07-10 00:16 53248 ----a-r- c:\users\Christopher\AppData\Roaming\Microsoft\Ins taller\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-10 00:16 . 2011-07-10 00:16 -------- d-----w- c:\users\Christopher\AppData\Local\Logishrd
2011-07-10 00:15 . 2011-07-10 00:16 -------- d-----w- c:\program files\Logitech
2011-07-08 06:26 . 2011-07-08 06:26 -------- d-----w- c:\programdata\PMS
2011-06-28 19:35 . 2011-07-10 02:12 -------- d-----w- c:\users\Christopher\AppData\Local\._Revolution_
2011-06-25 22:04 . 2011-06-25 22:04 -------- d-----w- c:\windows\system32\SPReview
2011-06-25 21:53 . 2010-11-20 10:33 3072 ----a-w- c:\windows\system32\drivers\ko-KR\vpchbus.sys.mui
2011-06-25 21:51 . 2010-11-20 09:41 14336 ----a-w- c:\windows\system32\drivers\hu-HU\vpcvmm.sys.mui
2011-06-25 21:50 . 2010-11-20 09:46 3584 ----a-w- c:\windows\system32\drivers\ru-RU\vpchbus.sys.mui
2011-06-25 21:48 . 2010-11-20 09:49 14336 ----a-w- c:\windows\system32\drivers\th-TH\vpcvmm.sys.mui
2011-06-25 21:47 . 2010-11-20 09:31 2048 ----a-w- c:\windows\system32\drivers\cs-CZ\vpcnfltr.sys.mui
2011-06-25 21:47 . 2010-11-20 09:31 14336 ----a-w- c:\windows\system32\drivers\cs-CZ\vpcvmm.sys.mui
2011-06-25 21:47 . 2010-11-20 09:26 2048 ----a-w- c:\windows\system32\drivers\cs-CZ\vpcusb.sys.mui
2011-06-25 21:47 . 2010-11-20 09:32 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\vpchbus.sys.mui
2011-06-25 21:47 . 2010-11-20 09:31 2048 ----a-w- c:\windows\system32\drivers\cs-CZ\vpcuxd.sys.mui
2011-06-25 21:45 . 2010-11-20 09:27 749568 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-06-25 21:44 . 2010-11-20 09:27 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-06-25 21:43 . 2010-11-20 09:27 455168 ----a-w- c:\windows\system32\nshipsec.dll
2011-06-24 22:20 . 2011-06-25 20:22 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-06-24 22:20 . 2011-06-24 22:20 -------- d-----w- c:\windows\PCHEALTH
2011-06-24 22:14 . 2011-06-24 22:14 -------- d-----r- C:\MSOCache
2011-06-24 20:57 . 2011-06-24 20:57 -------- d-----w- c:\windows\CheckSur
2011-06-24 20:15 . 2011-06-24 20:15 -------- d-----w- c:\users\Christopher\AppData\Roaming\QuickScan
2011-06-24 20:15 . 2011-06-24 20:15 -------- d-----w- c:\program files\Common Files\Auslogics
2011-06-24 20:15 . 2011-03-24 19:36 431176 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-24 20:15 . 2011-06-24 20:17 46905 ----a-w- c:\programdata\bdinstall.bin
2011-06-21 19:51 . 2011-06-21 19:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-20 19:33 . 2011-06-20 19:33 -------- d-----w- c:\program files (x86)\Cygnus FREE EDITION
2011-06-20 19:14 . 2011-06-20 19:14 -------- d-----w- c:\program files (x86)\Common Files\Bcgsoft
2011-06-17 19:12 . 2011-06-17 19:12 -------- d-----w- c:\users\Christopher\AppData\Roaming\Rovio
2011-06-17 19:11 . 2011-06-17 19:11 -------- d-----w- c:\program files (x86)\Rovio
2011-06-16 00:51 . 2011-06-16 00:51 -------- d-----w- c:\program files (x86)\PopCap Games
2011-06-15 18:51 . 2011-07-07 16:32 -------- d-----w- c:\windows\SysWow64\Updates
2011-06-15 18:51 . 2011-07-07 16:32 -------- d-----w- c:\windows\SysWow64\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-07-10 00:16 . 2011-01-30 00:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-04 11:43 . 2011-03-17 00:00 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-25 22:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-25 22:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-22 18:10 . 2011-06-10 16:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2010-01-15 15:37 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-01-15 15:37 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 21:58 . 2011-03-06 23:32 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-25 06:09 . 2011-06-04 17:28 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-05-25 06:09 . 2011-06-04 17:28 70760 ----a-w- c:\windows\system32\nvapo64v.dll
2011-05-25 06:09 . 2011-06-04 17:28 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-05-25 06:09 . 2011-04-22 18:31 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-05-25 06:09 . 2011-06-04 17:29 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-06-04 17:29 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-04 17:29 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2011-06-04 17:29 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-04 17:29 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-05-25 06:09 . 2011-06-04 17:29 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-04 17:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-04 17:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 06:09 . 2011-05-11 03:18 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2011-06-04 17:28 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 06:09 . 2011-06-04 17:28 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 06:09 . 2011-06-04 17:28 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 06:09 . 2011-06-04 17:28 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-04 17:28 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 06:09 . 2011-06-04 17:28 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2011-06-04 17:28 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 06:09 . 2011-06-04 17:28 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 06:09 . 2011-06-04 17:28 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2009-09-27 23:12 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2011-06-04 17:28 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-04 17:28 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 06:09 . 2011-06-04 17:28 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-25 06:09 . 2011-06-04 17:28 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-04 17:28 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-04 17:28 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-04 17:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-25 06:09 . 2010-07-10 09:38 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-21 02:35 . 2011-05-21 02:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-11 16:21 . 2011-06-02 17:16 1261440 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2011-04-30 11:59 . 2011-04-30 11:59 55064 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2011-04-30 11:59 . 2011-04-30 11:59 42776 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2011-04-30 11:59 . 2011-04-30 11:59 66840 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2011-04-30 11:59 . 2011-04-30 11:59 60184 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2011-04-30 11:59 . 2011-04-30 11:59 1845528 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2011-04-22 22:15 . 2011-05-24 20:11 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-12_03.04.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 04:49 . 2011-07-12 03:05 52514 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-12 03:06 35542 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2010-01-15 03:29 . 2011-07-12 03:06 18792 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2314537987-383577248-3485416241-1001_UserData.bin
- 2010-01-15 03:05 . 2011-07-12 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 03:05 . 2011-07-12 03:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-15 03:05 . 2011-07-12 02:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-15 03:05 . 2011-07-12 03:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-15 03:05 . 2011-07-12 03:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-01-15 03:05 . 2011-07-12 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-01-15 03:05 . 2011-07-12 03:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 03:05 . 2011-07-12 03:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 03:05 . 2011-07-12 03:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
- 2010-01-15 03:05 . 2011-07-12 03:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
- 2011-07-12 03:04 . 2011-07-12 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2011-07-12 03:13 . 2011-07-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2011-07-12 03:13 . 2011-07-12 03:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2011-07-12 03:04 . 2011-07-12 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2009-07-14 02:36 . 2011-07-12 02:47 628436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-12 03:18 628436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-12 03:18 107742 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-12 02:47 107742 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-07-12 03:03 404256 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-12 03:12 404256 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-01-19 2736128]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-22 639352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2988928]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"µTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-22 639352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"DelReg"="c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Christopher\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Startup\
OverclockingCenter.exe - Shortcut.lnk - c:\program files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e [2010-1-14 811008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x6 4.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-03 129440]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIW Dev\DVDSYS64_100507.sys [2010-05-10 28984]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\ MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MS I\MSIWDev\VGASYS64_100507.sys [2010-05-10 14960]
R3 PCAlertDriver;PCAlertDriver;c:\program files (x86)\MSI\PC Alert 4\NTGLM7X64.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-09-19 19952]
R3 sxuptp;SXUPTP Driver; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotc ore3.sys [2008-01-21 36368]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk4 2.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-04-28 120832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-04-12 44344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080]
S3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DUALCORECENTER
*NewlyCreated* - NVR0DEV
*NewlyCreated* - PBFILTER
*NewlyCreated* - RUSHTOPDEVICE2
*NewlyCreated* - RUSHTOPDEVICE_J
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 08:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 23:15]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 23:15]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2314537987-383577248-3485416241-1001Core.job
- c:\users\Christopher\AppData\Local\Google\Update\G oogleUpdate.exe [2010-10-07 06:20]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2314537987-383577248-3485416241-1001UA.job
- c:\users\Christopher\AppData\Local\Google\Update\G oogleUpdate.exe [2010-10-07 06:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2011-05-11 1435520]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.0.1
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun_product.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2314537987-383577248-3485416241-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7c,6a,89,57,37,fb,75,4b,07,0e,92,50,7b,1c ,04,58,ce,31,7a,9b,7e,ab,25,
c5,ea,d2,7f,b3,7c,c7,d1,8b,14,d9,a2,9d,48,2e,2f,a8 ,92,c9,26,60,39,b4,3a,69,\
"??"=hex:3a,a5,dc,01,a4,3c,df,e3,79,85,e9,4e,de,a1 ,ef,72
.
[HKEY_USERS\S-1-5-21-2314537987-383577248-3485416241-1001\Software\SecuROM\License information*]
"datasecu"=hex:da,00,ff,73,93,ce,f3,44,ef,a8,42,8e ,b9,2f,98,7d,9e,aa,2d,e9,ef,
0f,54,87,39,3b,97,16,7c,19,ee,5e,d7,62,cd,e6,84,e4 ,18,c6,97,4c,cb,55,b6,4a,\
"rkeysecu"=hex:76,ed,f5,44,16,90,c0,0b,84,39,2f,bb ,bb,01,cb,4c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
************************************************** ************************
.
Completion time: 2011-07-11 23:33:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 03:33
.
Pre-Run: 1,676,952,166,400 bytes free
Post-Run: 1,676,629,389,312 bytes free
.
- - End Of File - - D45C0F985FD64562E9536D9000AFD55E
-
Looks totally clean.
Download TDSSKiller and save it to your desktop.
- Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
2011/07/11 23:50:43.0435 5032 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 23:50:43.0801 5032 ================================================== ==============================
2011/07/11 23:50:43.0801 5032 SystemInfo:
2011/07/11 23:50:43.0801 5032
2011/07/11 23:50:43.0801 5032 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/11 23:50:43.0801 5032 Product type: Workstation
2011/07/11 23:50:43.0801 5032 ComputerName: CHRISTOPHER-PC
2011/07/11 23:50:43.0801 5032 UserName: Christopher
2011/07/11 23:50:43.0801 5032 Windows directory: C:\Windows
2011/07/11 23:50:43.0801 5032 System windows directory: C:\Windows
2011/07/11 23:50:43.0801 5032 Running under WOW64
2011/07/11 23:50:43.0801 5032 Processor architecture: Intel x64
2011/07/11 23:50:43.0801 5032 Number of processors: 4
2011/07/11 23:50:43.0801 5032 Page size: 0x1000
2011/07/11 23:50:43.0801 5032 Boot type: Normal boot
2011/07/11 23:50:43.0801 5032 ================================================== ==============================
2011/07/11 23:50:44.0334 5032 Initialize success
2011/07/11 23:50:47.0616 3800 ================================================== ==============================
2011/07/11 23:50:47.0616 3800 Scan started
2011/07/11 23:50:47.0616 3800 Mode: Manual;
2011/07/11 23:50:47.0616 3800 ================================================== ==============================
2011/07/11 23:50:48.0370 3800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/11 23:50:48.0398 3800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/11 23:50:48.0432 3800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/11 23:50:48.0467 3800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/11 23:50:48.0494 3800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/11 23:50:48.0512 3800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/11 23:50:48.0574 3800 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/11 23:50:48.0627 3800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/11 23:50:48.0666 3800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/11 23:50:48.0686 3800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/11 23:50:48.0715 3800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/11 23:50:48.0734 3800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/11 23:50:48.0755 3800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/11 23:50:48.0803 3800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/11 23:50:48.0843 3800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/11 23:50:48.0875 3800 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
2011/07/11 23:50:48.0909 3800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/11 23:50:48.0948 3800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/11 23:50:48.0989 3800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/11 23:50:49.0015 3800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/11 23:50:49.0037 3800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/11 23:50:49.0071 3800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/11 23:50:49.0117 3800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/11 23:50:49.0154 3800 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/07/11 23:50:49.0212 3800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/11 23:50:49.0241 3800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/11 23:50:49.0279 3800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/11 23:50:49.0298 3800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/11 23:50:49.0327 3800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/11 23:50:49.0353 3800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/11 23:50:49.0371 3800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/11 23:50:49.0422 3800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/11 23:50:49.0444 3800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/11 23:50:49.0461 3800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/11 23:50:49.0516 3800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/11 23:50:49.0557 3800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/07/11 23:50:49.0605 3800 cFosSpeed (954b02631ac49f1a09e3783551394eed) C:\Windows\system32\DRIVERS\cfosspeed6.sys
2011/07/11 23:50:49.0630 3800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/11 23:50:49.0672 3800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/11 23:50:49.0748 3800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/11 23:50:49.0765 3800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/11 23:50:49.0801 3800 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/11 23:50:49.0844 3800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/11 23:50:49.0872 3800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/11 23:50:49.0949 3800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/11 23:50:49.0993 3800 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/07/11 23:50:50.0036 3800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/11 23:50:50.0061 3800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/11 23:50:50.0084 3800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/11 23:50:50.0136 3800 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/11 23:50:50.0165 3800 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
2011/07/11 23:50:50.0211 3800 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/11 23:50:50.0235 3800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/11 23:50:50.0291 3800 DualCoreCenter (21cefcd380d436bc0cd8a6eda1f00227) C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys
2011/07/11 23:50:50.0333 3800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/11 23:50:50.0407 3800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/11 23:50:50.0501 3800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/11 23:50:50.0526 3800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/11 23:50:50.0558 3800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/11 23:50:50.0577 3800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/11 23:50:50.0615 3800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/11 23:50:50.0642 3800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/11 23:50:50.0660 3800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/11 23:50:50.0687 3800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/11 23:50:50.0720 3800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/11 23:50:50.0748 3800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/11 23:50:50.0763 3800 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/11 23:50:50.0820 3800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/11 23:50:50.0840 3800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/11 23:50:50.0867 3800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/11 23:50:50.0899 3800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/11 23:50:50.0934 3800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/11 23:50:50.0972 3800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/11 23:50:51.0008 3800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/11 23:50:51.0024 3800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/11 23:50:51.0054 3800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/11 23:50:51.0100 3800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/11 23:50:51.0133 3800 HTCAND64 (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/07/11 23:50:51.0160 3800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/11 23:50:51.0227 3800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/11 23:50:51.0253 3800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/11 23:50:51.0286 3800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/11 23:50:51.0322 3800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/11 23:50:51.0387 3800 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/11 23:50:51.0464 3800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/11 23:50:51.0496 3800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/11 23:50:51.0530 3800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/11 23:50:51.0569 3800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/11 23:50:51.0588 3800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/11 23:50:51.0631 3800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/11 23:50:51.0660 3800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/11 23:50:51.0683 3800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/11 23:50:51.0719 3800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/11 23:50:51.0741 3800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/11 23:50:51.0778 3800 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 23:50:51.0798 3800 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/11 23:50:51.0826 3800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/11 23:50:51.0890 3800 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/11 23:50:51.0919 3800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 23:50:52.0022 3800 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/11 23:50:52.0047 3800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/11 23:50:52.0091 3800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/11 23:50:52.0117 3800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/11 23:50:52.0141 3800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/11 23:50:52.0177 3800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/11 23:50:52.0210 3800 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/07/11 23:50:52.0233 3800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/11 23:50:52.0279 3800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/11 23:50:52.0305 3800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/11 23:50:52.0346 3800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 23:50:52.0375 3800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 23:50:52.0419 3800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 23:50:52.0452 3800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 23:50:52.0482 3800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/11 23:50:52.0516 3800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 23:50:52.0549 3800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 23:50:52.0584 3800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 23:50:52.0628 3800 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 23:50:52.0650 3800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 23:50:52.0681 3800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/11 23:50:52.0733 3800 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/11 23:50:52.0775 3800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 23:50:52.0808 3800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/11 23:50:52.0834 3800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/11 23:50:52.0882 3800 MSI_DVD_010507 (b0142fb630770fd1e31983793cef5945) C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys
2011/07/11 23:50:52.0898 3800 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys
2011/07/11 23:50:52.0909 3800 MSI_VGASYS_010507 (541721064012dd044aeb1b74fbdbda14) C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys
2011/07/11 23:50:52.0954 3800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 23:50:52.0980 3800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 23:50:53.0009 3800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 23:50:53.0041 3800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 23:50:53.0083 3800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/11 23:50:53.0105 3800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 23:50:53.0124 3800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/11 23:50:53.0149 3800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/11 23:50:53.0210 3800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 23:50:53.0249 3800 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/11 23:50:53.0268 3800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/11 23:50:53.0289 3800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 23:50:53.0307 3800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 23:50:53.0335 3800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 23:50:53.0365 3800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 23:50:53.0414 3800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 23:50:53.0452 3800 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/11 23:50:53.0486 3800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/11 23:50:53.0525 3800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 23:50:53.0548 3800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 23:50:53.0601 3800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 23:50:53.0647 3800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/11 23:50:53.0690 3800 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/07/11 23:50:53.0743 3800 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/11 23:50:53.0878 3800 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/11 23:50:53.0974 3800 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/07/11 23:50:54.0000 3800 NVR0Dev (eda6e97b453388bb51ce84b8a11d9d13) C:\Windows\nvoclk64.sys
2011/07/11 23:50:54.0120 3800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 23:50:54.0175 3800 nvrd64 (6f2d9d7f339f0c9ef358793f92ba3393) C:\Windows\system32\DRIVERS\nvrd64.sys
2011/07/11 23:50:54.0197 3800 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/07/11 23:50:54.0217 3800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 23:50:54.0236 3800 nvstor64 (a1578751d32b2ced76dca2b20c2b22a5) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/07/11 23:50:54.0291 3800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/11 23:50:54.0327 3800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/11 23:50:54.0382 3800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/11 23:50:54.0431 3800 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 23:50:54.0500 3800 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
2011/07/11 23:50:54.0583 3800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/11 23:50:54.0609 3800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/11 23:50:54.0631 3800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/11 23:50:54.0651 3800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/11 23:50:54.0689 3800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/11 23:50:54.0764 3800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 23:50:54.0814 3800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/11 23:50:54.0849 3800 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 23:50:54.0888 3800 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
2011/07/11 23:50:54.0945 3800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/11 23:50:54.0977 3800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/11 23:50:55.0000 3800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 23:50:55.0022 3800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 23:50:55.0035 3800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/11 23:50:55.0080 3800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 23:50:55.0106 3800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 23:50:55.0122 3800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 23:50:55.0150 3800 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 23:50:55.0178 3800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/11 23:50:55.0198 3800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 23:50:55.0242 3800 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/07/11 23:50:55.0261 3800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 23:50:55.0275 3800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/11 23:50:55.0317 3800 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 23:50:55.0364 3800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/11 23:50:55.0424 3800 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
2011/07/11 23:50:55.0473 3800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 23:50:55.0533 3800 RushTopDevice2 (f86ed44261ac62e915fb0e4b2133039d) C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys
2011/07/11 23:50:55.0555 3800 RushTopDevice_J (ed4061d042a21961a94bab25fd505f6a) C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys
2011/07/11 23:50:55.0597 3800 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/07/11 23:50:55.0667 3800 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/11 23:50:55.0684 3800 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/07/11 23:50:55.0738 3800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/11 23:50:55.0769 3800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/11 23:50:55.0814 3800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 23:50:55.0849 3800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/11 23:50:55.0871 3800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/11 23:50:55.0892 3800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/11 23:50:55.0928 3800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/11 23:50:55.0969 3800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/11 23:50:56.0009 3800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/11 23:50:56.0036 3800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/11 23:50:56.0095 3800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/11 23:50:56.0126 3800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/11 23:50:56.0143 3800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 23:50:56.0188 3800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/11 23:50:56.0242 3800 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
2011/07/11 23:50:56.0242 3800 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
2011/07/11 23:50:56.0246 3800 sptd - detected LockedFile.Multi.Generic (1)
2011/07/11 23:50:56.0281 3800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 23:50:56.0317 3800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 23:50:56.0368 3800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 23:50:56.0408 3800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/11 23:50:56.0442 3800 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/11 23:50:56.0468 3800 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/07/11 23:50:56.0524 3800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/11 23:50:56.0597 3800 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 23:50:56.0641 3800 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 23:50:56.0686 3800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 23:50:56.0713 3800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 23:50:56.0738 3800 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 23:50:56.0781 3800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 23:50:56.0812 3800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/11 23:50:56.0891 3800 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
2011/07/11 23:50:56.0934 3800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 23:50:56.0993 3800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/11 23:50:57.0016 3800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 23:50:57.0058 3800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/11 23:50:57.0111 3800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 23:50:57.0153 3800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/11 23:50:57.0189 3800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/11 23:50:57.0209 3800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/11 23:50:57.0237 3800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 23:50:57.0290 3800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/11 23:50:57.0329 3800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/11 23:50:57.0353 3800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 23:50:57.0371 3800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/11 23:50:57.0391 3800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 23:50:57.0424 3800 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/11 23:50:57.0460 3800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/11 23:50:57.0500 3800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/07/11 23:50:57.0544 3800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/11 23:50:57.0573 3800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 23:50:57.0598 3800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/11 23:50:57.0629 3800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/11 23:50:57.0673 3800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/11 23:50:57.0708 3800 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/07/11 23:50:57.0749 3800 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/11 23:50:57.0786 3800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/11 23:50:57.0821 3800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 23:50:57.0855 3800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/11 23:50:57.0888 3800 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/11 23:50:57.0915 3800 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/11 23:50:57.0968 3800 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/11 23:50:58.0019 3800 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/11 23:50:58.0046 3800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/11 23:50:58.0075 3800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/07/11 23:50:58.0115 3800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/11 23:50:58.0169 3800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 23:50:58.0178 3800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 23:50:58.0262 3800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/11 23:50:58.0289 3800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 23:50:58.0339 3800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/11 23:50:58.0356 3800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/11 23:50:58.0419 3800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/11 23:50:58.0462 3800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 23:50:58.0527 3800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/11 23:50:58.0583 3800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 23:50:58.0617 3800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/11 23:50:58.0624 3800 Boot (0x1200) (517e7acd98d4b2889c9da8b7a3944f35) \Device\Harddisk0\DR0\Partition0
2011/07/11 23:50:58.0629 3800 ================================================== ==============================
2011/07/11 23:50:58.0629 3800 Scan finished
2011/07/11 23:50:58.0629 3800 ================================================== ==============================
2011/07/11 23:50:58.0637 0484 Detected object count: 1
2011/07/11 23:50:58.0637 0484 Actual detected object count: 1
2011/07/11 23:51:13.0470 0484 LockedFile.Multi.Generic(sptd) - User select action: Skip
-
Nothing there....
Assuming we're leaving AVG off, please reinstall Avast now.
Then....
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
OTL:
OTL logfile created on: 7/12/2011 12:30:39 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Christopher\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.26% Memory free
15.50 Gb Paging File | 13.40 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1560.84 Gb Free Space | 83.78% Space Free | Partition Type: NTFS
Computer Name: CHRISTOPHER-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/12 00:11:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/22 15:22:04 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 08:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/06/30 11:21:14 | 000,811,008 | ---- | M] (MSI, Inc. ) -- C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e
PRC - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (SafeList) ==========
MOD - [2011/07/12 00:11:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/05/11 12:21:26 | 000,415,616 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2010/04/28 11:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/03 15:21:00 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/11 12:21:30 | 001,261,440 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV:64bit: - [2011/04/30 07:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/01 12:47:18 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/05/10 10:44:46 | 000,028,984 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys -- (MSI_DVD_010507)
DRV:64bit: - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV:64bit: - [2010/05/10 10:44:18 | 000,014,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys -- (MSI_VGASYS_010507)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (HTCAND64)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/16 18:05:29 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/09/19 19:39:43 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/04/12 11:36:26 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2009/03/05 07:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J)
DRV - [2008/12/19 05:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2)
DRV - [2008/04/14 03:21:50 | 000,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\Ntaccess.sys -- (WEBNTACCESS)
DRV - [2008/01/21 17:43:42 | 000,036,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006/10/13 09:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 EE EF 13 8F 95 CA 01 [binary data]
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 EE EF 13 8F 95 CA 01 [binary data]
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christopher\AppData\Local\Google\Update\1 .3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christopher\AppData\Local\Google\Update\1 .3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 00:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 00:41:40 | 000,000,000 | ---D | M]
[2010/12/26 12:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\Mozilla\Exten sions
[2010/12/26 12:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\Mozilla\Exten sions\home2@tomtom.com
[2010/12/26 12:04:33 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
O1 HOSTS File: ([2011/07/11 23:31:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe ()
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001..\Run: [µTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [µTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003..\RunOnce: [spchecker] File not found
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Startup\OverclockingCenter.exe - Shortcut.lnk = C:\Program Files (x86)\MSI\OverclockingCenter\OverclockingCenter.ex e (MSI, Inc. )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1001\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2314537987-383577248-3485416241-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} http://www.facefun.com/FaceFun_webin...un_product.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://clients.futuremark.com/openap...ivers/FMSI.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab...i_4.4.21.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/14 22:30:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/07/12 00:18:14 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/12 00:18:14 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/12 00:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/12 00:18:08 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/12 00:18:07 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/12 00:18:06 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/12 00:18:04 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/12 00:17:54 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/12 00:17:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/12 00:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/12 00:11:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2011/07/11 23:31:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/11 22:55:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/11 22:55:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/11 22:55:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/11 22:33:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/11 22:30:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/11 02:57:59 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\HiJackThis
[2011/07/11 02:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/10 22:18:46 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{678242D5-89DF-4583-B3F6-D5BD4FC28011}
[2011/07/09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\Logishrd
[2011/07/09 20:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/07/09 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{0225C1B2-6794-451A-A72F-0FCC6EBC5163}
[2011/07/08 13:45:24 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{CAA98CAD-C2BC-4B8E-A784-0A8710FEE339}
[2011/07/08 02:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2011/07/05 13:30:22 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{578C1EC6-22E9-455B-B143-2D020F92F91A}
[2011/07/05 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{084B2787-4A21-4955-BBE7-97F2BEEFDFFE}
[2011/07/04 01:08:57 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{F8255D6E-E264-4230-947E-4BBF8ADECB36}
[2011/07/03 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{CC38FAF0-98DC-4653-B5EF-D8E43E943FF3}
[2011/07/01 19:53:08 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{1AF1B99A-437D-4FCA-893E-94B1651A302F}
[2011/06/30 22:46:36 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{9148A960-1656-47D3-8747-63251D684DF3}
[2011/06/29 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{0CFA0A7D-0630-436F-B118-C77325D78CF2}
[2011/06/28 15:35:51 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\._Revolution_
[2011/06/28 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{BEC86CEB-EB7E-41C2-84D3-C3F6B4CE2841}
[2011/06/26 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{50A4C93A-296F-41E8-AC8E-5F35BDC361AC}
[2011/06/26 11:18:38 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{F3CBC5D2-41AA-4FD7-A2CC-F9381A2EAB5B}
[2011/06/25 18:04:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/25 17:44:55 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/06/25 17:43:44 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/06/25 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/06/25 12:13:14 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{2E62F2B3-85FA-423C-93DD-C4605BCB65EB}
[2011/06/24 18:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/06/24 18:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/06/24 18:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/06/24 18:20:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/24 18:14:04 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/06/24 16:57:05 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/06/24 16:25:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/24 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\QuickScan
[2011/06/24 16:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Auslogics
[2011/06/24 16:15:21 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2011/06/24 08:38:26 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{7BF9165C-1AAF-461C-984B-B9F6DAF2A955}
[2011/06/23 14:26:32 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{4481F37C-B4B1-4B27-992C-A05962547678}
[2011/06/22 21:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/22 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{4CE2C44B-7DE7-4812-BC02-0F306E80453D}
[2011/06/22 17:10:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/06/22 17:10:06 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/06/22 17:10:06 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/06/22 17:10:06 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/06/22 17:10:05 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/06/22 17:10:05 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/06/22 17:10:05 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/06/22 17:10:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/06/22 17:10:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/06/22 17:10:05 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011/06/22 17:10:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/06/22 17:10:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/06/22 17:10:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/06/22 17:10:05 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/06/22 17:10:05 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/06/22 17:10:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/06/22 17:10:05 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011/06/22 17:10:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/06/22 17:10:05 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011/06/22 17:10:05 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/06/22 17:10:05 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/06/22 17:10:04 | 002,238,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/06/22 17:10:04 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/06/22 17:10:04 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011/06/22 17:10:04 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/06/22 17:10:04 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/06/22 17:10:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/06/22 17:10:02 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/06/22 17:10:02 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/06/22 17:10:02 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/06/22 17:10:02 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/06/22 17:10:02 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/06/22 17:10:02 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/06/22 17:10:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/06/22 17:10:02 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/06/22 17:10:02 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/06/22 17:10:02 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/06/22 17:10:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/06/22 17:10:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/06/22 17:10:02 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/06/21 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/20 19:45:52 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{E8819406-CCC8-4DE3-BAA2-BBB807633BC0}
[2011/06/20 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Microsoft\Win dows\Start Menu\Programs\Cygnus Hex Editor FREE EDITION
[2011/06/20 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor FREE EDITION
[2011/06/20 15:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cygnus FREE EDITION
[2011/06/20 15:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft
[2011/06/19 22:34:43 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{C17F581C-C6BB-4525-8CB6-933F0F1A27C9}
[2011/06/19 13:02:58 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{17648FAA-32B9-45C0-8B86-0A42F026F2C1}
[2011/06/17 19:39:17 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{1A9AF1C3-D65F-4EE9-A0BB-4ADE30C05C98}
[2011/06/17 15:12:25 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Rovio
[2011/06/17 15:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2011/06/17 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2011/06/17 13:32:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{4FEBA92A-70E8-4A04-93DE-56394FB72B74}
[2011/06/16 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{60857FFD-26DE-47BF-8708-A6DEA94C88BE}
[2011/06/15 20:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2011/06/15 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2011/06/15 16:58:38 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{F3B48FE4-BDB6-4E81-B23A-8959F37BDB3F}
[2011/06/15 14:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Updates
[2011/06/15 14:51:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2011/06/14 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{2964C6BC-E03D-49B4-B9D5-55666155AB87}
[2011/06/14 00:16:54 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{41B3D984-CC5E-4C7A-95F9-1CD680FAA665}
[2011/06/13 22:41:16 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{63737ECA-4D14-4569-83B8-A3CF312197A5}
[2011/06/13 17:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{BF87C6BF-58EB-456F-9C9F-04FD6E9B144F}
[2011/06/13 00:37:30 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{1E75400E-12C9-40CB-A677-8B2FFB365060}
[2011/06/12 11:46:24 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\{EC52126A-2C25-427A-8739-3848107326D0}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/12 00:28:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2314537987-383577248-3485416241-1001UA.job
[2011/07/12 00:18:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/12 00:11:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2011/07/11 23:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 23:31:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/11 23:31:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 23:21:04 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 23:21:04 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 23:18:04 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/11 23:18:04 | 000,628,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/11 23:18:04 | 000,107,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/11 23:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/11 23:13:44 | 1945,546,751 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 21:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2314537987-383577248-3485416241-1001Core.job
[2011/07/09 17:19:27 | 000,000,600 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\B32A.6F2
[2011/07/08 02:26:45 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 07:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/29 03:37:38 | 000,429,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/29 02:28:43 | 000,002,437 | ---- | M] () -- C:\Users\Christopher\Desktop\Google Chrome.lnk
[2011/06/26 03:51:58 | 000,435,530 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110709-181711.backup
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/25 17:28:51 | 000,435,376 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110626-035158.backup
[2011/06/24 16:17:56 | 000,046,905 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/06/17 15:11:54 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/06/15 20:52:00 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2011/06/15 20:51:10 | 000,435,194 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110621-211049.backup
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/11 22:55:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/11 22:55:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/11 22:55:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/11 22:55:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/11 22:55:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/09 17:19:27 | 000,000,600 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\B32A.6F2
[2011/06/25 17:45:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/06/25 17:44:54 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/06/25 17:43:58 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/06/25 17:43:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/06/25 17:43:56 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/06/25 17:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/06/24 16:15:18 | 000,046,905 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/06/21 15:51:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 15:11:54 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/06/15 20:52:00 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/26 17:08:55 | 000,745,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/17 17:01:41 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/17 17:01:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/17 16:36:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/27 10:50:25 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 18:26:07 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/12/01 11:18:23 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/11/05 19:46:31 | 000,005,120 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 00:09:52 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2010/05/09 00:09:52 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2010/04/19 19:23:30 | 000,122,824 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/04/09 17:02:58 | 000,004,222 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/28 14:03:22 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/16 11:43:06 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/01/28 15:07:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/24 10:29:48 | 000,000,217 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\default.rss
[2010/01/24 10:29:48 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\downloads.m3u
[2010/01/24 10:29:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/19 20:11:33 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/01/15 00:41:32 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/15 00:34:44 | 000,231,412 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/01/15 00:34:44 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/01/14 23:18:07 | 000,007,602 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Resmon.ResmonCf g
[2010/01/14 23:05:13 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/02/01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
========== LOP Check ==========
[2010/02/08 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Acreon
[2010/02/02 18:58:52 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Atari
[2011/06/11 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Aura DVD Copy
[2011/04/18 08:06:55 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Aura4You
[2010/04/26 14:43:32 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Bioshock2
[2011/01/09 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\BoneTown
[2011/02/05 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\calibre
[2010/02/16 11:54:32 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Codemasters
[2010/01/15 21:04:12 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/04/08 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Command and Conquer 4
[2011/03/17 10:59:23 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DAEMON Tools Pro
[2011/01/30 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\dBpoweramp
[2011/06/24 15:23:05 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Dropbox
[2011/04/17 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DVDFab
[2011/06/24 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Gmote
[2010/01/20 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\ImgBurn
[2010/02/02 18:31:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Leadertech
[2011/05/30 14:35:18 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Lionhead Studios
[2010/03/29 13:58:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\National Instruments
[2011/06/24 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\QuickScan
[2010/01/16 10:20:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Red Alert 3
[2010/01/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Red Alert 3 Uprising
[2011/06/17 15:12:25 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Rovio
[2010/05/20 11:18:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Teleca
[2010/12/26 12:04:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TomTom
[2010/05/22 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Top Evidence
[2011/07/12 00:31:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\uTorrent
[2010/11/20 15:59:09 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Windows Live Writer
[2011/06/24 22:05:20 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/14 22:30:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/15 01:46:36 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2010/11/20 04:40:08 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/01/15 01:46:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/07/11 23:33:17 | 000,025,443 | ---- | M] () -- C:\ComboFix.txt
[2010/01/14 22:30:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/03 22:37:11 | 000,000,027 | ---- | M] () -- C:\dx3_eyefinity.log
[2011/07/11 23:13:44 | 1945,546,751 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 22:30:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/24 16:16:59 | 000,016,911 | ---- | M] () -- C:\LU4.log
[2010/01/14 22:30:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/07/11 23:13:45 | 4025,720,831 | -HS- | M] () -- C:\pagefile.sys
[2011/07/11 23:51:40 | 000,070,590 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_11.07.2011_23.50.43_log.txt
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/03/16 11:52:21 | 000,000,221 | -HS- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Int ernet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/02/02 14:43:14 | 000,430,080 | ---- | M] (3DU Microsystems) -- C:\Users\Christopher\Desktop\JetSpecs.exe
[2011/07/12 00:11:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2011/06/25 18:14:00 | 000,000,402 | -HS- | M] () -- C:\Users\Christopher\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/17 16:36:24 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/06/24 16:17:56 | 000,046,905 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/01/15 00:41:49 | 000,001,542 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:96D0C06F
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C765C323
< End of report >
-
(Had to split, wouldn't let me post both logs in one reply)
Extras:
OTL Extras logfile created on: 7/12/2011 12:30:39 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Christopher\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.26% Memory free
15.50 Gb Paging File | 13.40 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1560.84 Gb Free Space | 83.78% Space Free | Partition Type: NTFS
Computer Name: CHRISTOPHER-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65CBBF0F-F891-4F33-860C-C75E963653A2}" = NI TDMS (64-bit)
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{79E44BF5-C355-4A5D-8F9F-25F53ACF794E}" = NI VC2008MSMs x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D5B25E-194F-AF08-E444-F51FC2038DE5}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0F9AD6F-2C2A-44A8-8961-F21B5356E050}" = NI Logos64 XT Support
"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E68686D1-A5BB-467A-8DE7-A01166722607}" = NI VC2005MSMs x64
"{EC90795D-968C-4BCA-B958-27B111F3B3F6}" = NI Logos64 5.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v6.60
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.30
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFF0C5C-D82D-4C11-91AB-86411792D081}" = NI Uninstaller
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBC283A-8B22-48FA-9DFA-6C65E34455FA}" = NI LabVIEW Real-Time NBFifo
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{307776AF-FA52-4CBA-84DA-190E52929C35}" = NI Update Service Extras 1.0
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3DAA4182-08B7-45D9-8620-6B0E13018670}" = NI TDMS
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B25BB26-A1EC-4A23-AB6C-211E57B67777}" = LightScribe System Software
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0 Core
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7B8CE908-BF69-4E20-9BFE-681C573879F1}" = NI LabVIEW Run-Time Engine 2009
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{80843623-6460-4A3E-BFE6-6C66BDAE5178}" = Angry Birds
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0 Pro
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{97AAF472-E437-4C89-AAB3-FD6785315069}" = NI Circuit Design Suite 11.0 Pro Licenses
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBA6DF34-EA20-4FFB-8440-1F9657643F79}" = NI MDF Support
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{c356beee-34d7-4e20-9ee7-3c661770dcbd}" = Nero 9
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5773953-8F33-47BD-85D7-BE719021EB3E}" = NI Update Service 1.0
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{C9894B05-06D2-4F85-86C8-6B0D011A6BA5}" = NI License Manager
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76162F1-AFAC-47BE-9302-5F35491725E1}" = NI LabVIEW Run-Time Engine Interop 2009
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB0447DB-B876-468B-AE6F-0E00BE78B40D}" = calibre
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6F385C0-79A1-44F0-9C15-70D1F2C74D01}" = NI EULA Depot
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F208D986-7DBA-47A1-B2B6-29048C1C3087}" = NI MetaSuite Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Aura DVD Copy_is1" = Aura DVD Copy 1.3.0
"Aura DVD Ripper Professional_is1" = Aura DVD Ripper Professional 1.3.3
"Aura Flash to Video Converter_is1" = Aura Flash to Video Converter 1.1.0
"Aura Software Manager_is1" = Aura Software Manager 1.0.3
"Aura Video Converter Professional_is1" = Aura Video Converter Professional 1.3.3
"Aura Video to Audio Converter_is1" = Aura Video to Audio Converter 1.3.3
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"Cygnus Hex Editor FREE EDITION" = Cygnus Hex Editor FREE EDITION 1.00
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"EADM" = EA Download Manager
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.1.2
"Fraps" = Fraps (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Internet TRiLOGI_is1" = Internet TRiLOGI
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"NetWorx_is1" = NetWorx 5.1.6
"NI Uninstaller" = National Instruments Software
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OverclockingCenter_is1" = OverclockingCenter
"Plants vs. Zombies" = Plants vs. Zombies
"Precision" = EVGA Precision 1.8.1
"PS3 Media Server" = PS3 Media Server
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"StarCraft II" = StarCraft II
"TomTom HOME" = TomTom HOME 2.8.0.2146
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinTRiLOGI_is1" = Windows TRiLOGI
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2314537987-383577248-3485416241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2314537987-383577248-3485416241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/9/2011 12:32:43 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 7/9/2011 12:32:58 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa39 6087175ac9ac.manifest.
Error - 7/9/2011 6:48:24 PM | Computer Name = Christopher-PC | Source = VSS | ID = 22
Description =
Error - 7/9/2011 6:48:24 PM | Computer Name = Christopher-PC | Source = VSS | ID = 8193
Description =
Error - 7/10/2011 2:23:05 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BU ILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 7/10/2011 2:24:29 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 7/10/2011 2:24:42 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa39 6087175ac9ac.manifest.
Error - 7/11/2011 12:51:15 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BU ILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 7/11/2011 12:52:11 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 7/11/2011 12:52:23 AM | Computer Name = Christopher-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa39 6087175ac9ac.manifest.
[ OSession Events ]
Error - 3/20/2011 5:19:55 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:19:58 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:20:36 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:21:17 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:21:21 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:21:28 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 5:21:32 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 2:12:36 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 2:12:44 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 2:13:06 PM | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/11/2011 11:08:27 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).
Error - 7/11/2011 11:08:27 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 7/11/2011 11:11:13 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 7/11/2011 11:12:50 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 7/11/2011 11:31:10 PM | Computer Name = Christopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\nvoclock.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 7/11/2011 11:31:10 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = The NVR0Dev service failed to start due to the following error: %%1275
Error - 7/11/2011 11:31:11 PM | Computer Name = Christopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\nvoclock.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 7/11/2011 11:31:11 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = The NVR0Dev service failed to start due to the following error: %%1275
Error - 7/11/2011 11:31:11 PM | Computer Name = Christopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\nvoclock.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 7/11/2011 11:31:11 PM | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = The NVR0Dev service failed to start due to the following error: %%1275
< End of report >
Newbie
